7.9 billion records have been exposed in data breaches from the months of January to September, a report from Risk Based Security has revealed.
This is a huge 112% increase from last year’s report.
The cybersecurity firm found that of the 5,183 breaches they analyzed, 1,692 were reported in the US alone.
It was also established that just 6 breaches were accountable for the exposure of 3.1 billion data records.
The expert’s point of view
On discussing the breach, Ray Walsh, Data Privacy Expert at ProPrivacy suggests that breaches are getting worse each year and that “data theft has reached epidemic proportions.” Walsh added that what is especially worrying is that given the investment going into data protection, problems are not improving.
“This data demonstrates two clear things: a lack of success despite an increase in investment, and a fundamental problem created by the two opposing forces – the will to hack and the need to protect.” Walsh proposes.
“For hackers, payoff only ever transpires once success is achieved. This creates a singular objective that they must work tirelessly toward to gain success and therefore a reward. For businesses, whose revenue is acquired via the day to day running of the enterprise, the will to protect data is not the singular purpose of the business and as such investment in time, money and effort is not equal to the efforts put in by the hacker to overcome the security it has in place,” he adds.
Who is targeted the most and why?
Walsh also implies that those sectors being targeted the most are ones that can give the highest return, such as retailers, medical services, public entities, and the economic sector. It’s thought this is because these have the largest amounts of Personal Identifiable Information (PII) which can be further be sold on and used to turn the most profit.
Despite the investments, there is still a lot of room for improvement, the expert added.
The data privacy expert says: “For firms that are still suffering data breaches (despite recent investment in improving security) better analysis of systems, penetration testing and risk assessments are needed at the hands of professional managed security service providers (MSSPs). However, it is essential that firms are working hand in hand with those services on an ongoing basis in order to proactively, and not just reactively, protect against threats.”